While Google remains committed to industry-wide adoption of HTTPS, there isn’t always full compliance on third party ad networks and custom creative code served via our systems. To ensure ads continue to serve on iOS9 devices for developers transitioning to HTTPS, the recommended short term fix is to add an exception that allows HTTP requests to succeed and non-secure content to load successfully.
Confirmed: Google wants me to switch to iOS.
Disgusting.
Confirmed: Google wants me to switch to Sailfish, Ubuntu Touch, or Firefox OS.
Though I’m delighted that each of those platforms exists, none are ready for primetime just yet. This would be like saying you were switching to Haiku as your daily desktop OS (again, beloved but not stable for daily use). If you simply can’t stomach iOS, you could always try BlackBerry 10; at least it’s a complete and secure OS.
And if your argument is “I want to switch from Android to another open source OS like it” I’ve got bad news for you: If you’re running any form of Android other than Replicant, it’s not open source. That goes double if you’re using any Google services.
I already started replying to this, but then I deleted the reply as I thought “what’s the point”, but then it started to really get on my nerves.
So how much time have you spent using these three OSes? I mean you wouldn’t judge something “not stable for daily use” if you have not even tried to use it, would you?
And it would indeed be wonderful if Haiku was so far along as to be commercially available preinstalled on hardware, as is the case with all three. Some of them for several years, even though they are apparently not ‘stable for daily use’.
I have a FirefoxOS phone, I have it with me all day every day for several years now (need to carry a phone for my work).
Not a big apps person, but it does what I need.
The OS seems fine. It’s pretty cheap hardware, not so capable. The battery is getting worse now, I’ll be looking for a new phone soon.
What I really like is how it uses Web Activities (similar to Android Intents) instead of apps needing permissions. Apps don’t get any permissions; the app requests information when it needs it.
Does App X need 1 contact, like the dialer app? Pop up the contacts app and choose a contact.
App X doesn’t need access to my contact list. So my privacy is guaranteed (except of course that the location of my phone is recorded every 5 minutes and stored in some government database 🙁 ).
I haven’t used Sailfish yet since hardware to run it is difficult to come by here in the US, so I have to go by what Jolla themselves say about it. And they consider it still in heavy, active development, fixing major bugs and breakage issues. The fact that they chose to release it long before it was polished enough for daily use (an act well documented on this and other tech sites) stands, and actually I think that was a good decision (something Microsoft is derided for coincidentally). It also uses experimental technology like Wayland, which is far from stable itself and is also undergoing heavy development.
As for FirefoxOS and Ubuntu Touch, yes I have tested and used both extensively. Both have documented security and privacy issues, both still require fixes for major UI bugs, and device compatibility is severely low. The best experience to be had on a FirefoxOS device is not even on an official FirefoxOS phone!
Despite all of that, as I said I’m absolutely thrilled that each of those projects exists, and I hope all of them reach a state where they are good for daily use and start chipping away at the two giants.
Now, here’s the fun part: You made an erroneous assumption about me without actually knowing anything about me, which is what you were trying to call me out for in the first place. I mean, you wouldn’t judge someone if you know nothing about them, would you? Think about that.
(Late reply, sorry)
Actually I think I was quite spot on. As you say, you have personal experience from two of these OSes and then you make a generalization and judge the third to be just as bad.
The honest thing to do in that situation is to write it down like eg. “I have not used sailfish at all, but from what I have read it appears to me that it is not any better”.
I have not used Firefox OS, but the difference in stability and quality in daily use between Sailfish and Ubuntu Touch (as it was 5 months ago) is quite staggering. Sailfish is very stable and mature in what it does (meaning that there are of course things missing compared to the big two players that might or might not be important to you). Ubuntu Touch was in a whole other league stability-wise, crashing 5-10 times a day instead of, when did I reboot my phone last again, like some months ago maybe? I don’t remember (Nexus 4 with Sailfish).
So, instead of Google pushing their “certified partners” to fix their code, they publish a disgusting hack to allow their broken systems to work with iOS? Funny.
Who said they aren’t? A transition like this doesn’t happen overnight. Even Apple recommends this short-term fix.
Edited 2015-08-27 19:34 UTC
Viewing that entire website was like sneaking into an enemy’s war room. Or their latrine. Feel like I need a hot shower now.
Google recommended an insecure hack for iOS 9 to allow their ads to work with it.
Why would anyone want to then switch to iOS? Anyone using Google ads will just update their apps to include this hack. Right now, pre-iOS 9, it’s insecure. Post-iOS 9 it will still be insecure.
Sailfish, et al. will also still be insecure if the content is not over HTTPS.
I don’t quite understand why an app developer would even want that.
So the ads served via HTTP fail to load, wouldn’t the app keep requesting another ad until it gets one that does load?
So all the “bad” that would happen is that lazy ad providers would not get their ads shown.
Why would application developers care about that?
Well it makes sense if the app doesn’t have the ability to know if the ad loaded. In that case, the ad isn’t displayed and they don’t get paid for presenting that app.
So, that might be a reason why they want to deploy the workaround.
Or if the app actually displays an error (due to Apple’s framework) then it also makes sense that they wouldn’t want their app randomly warning the user that the app is loading insecure content.
Hmm, that sounds rather implausible to me.
Either situation would already be possible without the additional security check, e.g. the load failing due to network problems or a security warning being displayed due to certificate verification failure (e.g. MITM attack, “open” WLAN proxy).
So a developer not content with either would already have measures against these, e.g. reload/rerequest, catching errors.
The situation gives me the impression that these app developers care so little about this part of the functionality that they have delegated it to some kind of badly implemented black box and that black box is now failing.
And instead of properly dealing with the perceived problem they are given a way to stay ignorant and continue to not care about the ads part.
You’re basically assuming the problem doesn’t exist and then questioning why there is a solution offered.
I think the fact that the solution is offered is proof that a problem *does* exist.
At least we could agree that the problem exists for Google; they want the non-HTTPS ads to show.
I am not questioning that there is a problem, just that it is a problem for the app developers.
Of course the ad providers who cannot deliver via HTTPS are screwed, but why would an app developer care?
Especially care enough to work around someone else’s failure. And disabling a security feature in the process.
Time to divest myself of _any_ google assets/apps/ads…
Asta la by by! dumb asses!
Source: https://developer.apple.com/library/prerelease/ios/releasenotes/Gene…
So Google is just recommending the same short-term fix as Apple, during the transition period.
Slight difference.
Then ask the same question of Apple.
Personally, I think that all advertising is the work of the Devil. I didn’t think that until I spent 18 months working for a smaller competitor to Google and saw how adverts are targeted.
IMHO for Google to suggest not using HTTPS in this day and age is just silly. I stopped using their search engine months ago. I have never used GMail or G+ and I don’t regret it.
Do no evil? Yeah right. Maybe once but now it is all about the mighty dollar.
Does that sound like Google suggesting not using HTTPS to you? No, it doesn’t – quite the opposite, really. This fuss is simply about a suggested workaround for third-party ads not loading correctly due to the ad providers not yet supporting HTTPS.
I dislike ads as much as anyone else here, but it’s a fact that they do financially support huge chunks of the internet infrastructure. We all know that Google’s revenue largely comes from ads and if they didn’t try to protect that revenue, they would be extremely dumb. Like most of you I don’t see any ads on the web, because I always have an adblocker running, so it’s the other less technical people who pay some parts of the internet with their eyeballs’ involuntary submission to ads. I really don’t know what’s there to complain about, Google could be far worse, it’s technically not in their interest that Google Chrome is able to run extensions like Adblock Plus, they would be smarter from the viewpoint of survival and making money if they would cripple the parts of the browser that allow for that. Sure, the geeks would find a way around that using modified versions of Chrome/Chromium or by switching (back) to Firefox, but some fraction of people would simply learn to live with more ads. Microsoft doesn’t live from ads (yet), Apple doesn’t live from ads and so it’s not a surprise that they don’t have the same conflict of interest, which Google by the way always had. Still most of us saw some positive sides to Google, and I bet 99% of us never paid one cent (directly) for any Google service (though I’d be interested to know if I’m wrong on this assumption). Google doesn’t make money from Android, Google search or anything else, they only make money indirectly, now if you’re calling them trying to protect that business model “disgusting” then I’d like to know what exactly the alternative would be. A monthly subscription for Google services like Google search? I’m serious, I’m blocking ads like the rest of you, because I despise them in my life, but at least I’m recognizing that I’m a hypocrite, I want to eat a cake (use the Google services) and keep it (not contribute in any way, not with money, not with allowing ads), too.
If everyone was acting like me and most of you, there wouldn’t be a Google like we know it. Maybe that would be a better world, who knows. Let’s please not pretend that Google is now “showing its true colors of evil”, because there’s literally no other way Google could act to protect their interests. With a lot of their decisions so far they are already indirectly going against their interests, as Android/Chrome/etc. are open source, there’s always the possibility of developers forking/patching/extending in such a way that ads (their main source of money) are blocked completely. Just for a couple of minutes I disabled ad blocking and was amazed by the wall of annoying flashing banners that got forced into my field of view. This is what news sites are trying to make a living from, this is what Google is trying to make a living from. Aren’t there even ads on OSnews? Google is protecting its interests and not forcing you to use any of their products (anymore), so it’s not really disgusting, because you’re always free to just not use it anymore. What’s disgusting is a dictator in North Korea keeping people in concentration camps, letting them starve in horrible conditions. But yeah, keep using strong words like disgusting for petty things, until they lose all their meaning.
Edited 2015-08-27 22:08 UTC
Google: ‘paragraph’
wall_of_text.txt
Adblocking is getting more and more widespread:
http://blog.pagefair.com/2014/adblocking-report/
root+adaway+adblock in firefox.
I think it’s annoying that the revenue for apps is probably higher for the ‘free, but with ads’ versions of the apps over the ‘pro’ version with no apps. I’d rather pay 2 bucks and have no ads ever, than have ads all the time that annoy the crap out of me.
Besides, why would we care if an ‘ad’ is ‘insecure’? It’s generally insecure regardless, since a lot of times they’re some JavaScript or Flash based where nastiness can hide.
Confirmed: Storm in a teacup.
Had to think about it a bit, but that’s what I think:
It doesn’t matter if I get scammed by an ad with a secure or insecure connection. So that’s not a real problem. However, by this hack you disable a security measure that prevents you from accidentally leaving a secure environment and leaking confidential data. For example, if the app accidentally accesses some parts of a service through HTTP. And that’s a problem!
Btw., does anyone have an idea if ads can somehow access private “session” data? Or is there some security model for that?
You know, between your professed love of Macs and comments about Google, we may be calling this “iOS News” in a few years. iOS, the software that took everything that makes it good from BSD, and turned itself into a gated community. How many awards does Apple offer for finding bugs and hacks in its software? Not many.
As for ads, I saw recommendations from Google for https usage, not disabling of such. You might want to shake off those apple goggles and look again. Besides, I see plenty of FLASH ADS being blocked on your page. Security? I think not.